When we last left our heroes, I had finally managed to encrypt my SSD, and after running Clonezilla probably a hundred times to back up and restore the drive after fucking it up, I decided to try and simplify the backup process.

Part of the hassle was the fact that I had removed the optical drive and installed the original mechanical drive into that bay. This meant booting from an external DVD drive, or from a USB stick in order to do the backups. I was also using GParted a lot, which meant a second cd-rom disc or thumb drive. Thankfully I was using an i-Odd external hard drive to do this, but it still meant plugging something in so that I could copy files to an internal hard drive. Backing up has to be convenient or backups simply won’t happen.

My first thought was to install Linux on an external drive. This would give me the option of using the drive on different computers. Maybe it’s possible, but I never got it to go. I wiped an external drive a couple of times. I used to use Sardu Linux, but it was not that reliable, and the project seldom kept pace with new versions of live CDs. Also the primary developer started putting spammy spyware in the installer at one point.

After a lot of formatting and re-partitioning, this time on my secondary backup drive, I decided to go with a simpler approach and just put the Clonezilla live install on a small partition on the backup drive. This hadn’t worked on my USB external drive, but I wanted to try it with the internal, based on this document. Basically I created an 800MB FAT32 partition and extracted the zip to that partition. I used the rest of the disk for a large NTFS partition. I skipped all the GRUB stuff, and I just use the alternate boot menu to boot from the other drive when I want to do my backups. I then set the FAT32 partition to be hidden so it won’t show up in Windows. It would have been great to have a small Linux install for times when I am in a hurry and I don’t want to decrypt my Windows drive, but this will do fine for now.

When we last left our heroes, I had finally gotten Windows working on an SSD after trying a bunch of things, and then basically giving up and then reinstalling everything. Now that the SSD was working, the time had come to encrypt the SSD.

I am a fan of block crypto. I encrypt lots of things, not because I am worried about the government seizing my gear (well, not *that* worried) but because gadgets get lost and stolen. I lost my mobile phone a couple of years ago, and if I hadn’t encrypted it, it would have been nerve wracking worrying about what someone might do with the data that’s on it. So rather than worry about what is or isn’t protected, I just encrypt the whole drive. Full drive encryption is important because Physical Access is Total Access. I have rescued untold amounts of data for others from their crashed or otherwise misbehaving hard drives by removing them and plugging them into a different computer. I don’t normally encrypt the drives on my gaming rigs because if the FBI or whomever needs my Goat Simulator game saves that badly, they are welcome to them. This was a special case because it’s a gaming laptop. My rule is that if it leaves the house, it has to be encrypted.

Modern computers use UEFI to “securely” boot the operating system. I guess this is a security measure to prevent someone from booting your laptop from a CD and stealing all your shit, but since this laptop doesn’t have a Trusted Platform Module, Secure Boot doesn’t protect you from someone plugging your drive into another computer and stealing all your shit. I think it’s more trouble than it’s worth. If you have to ask Windows for permission to boot off a CD, it’s just going to stop the user from doing what he or she wants; it will not stop Proper Villainy(tm).

My favorite disk encryption tool, TrueCrypt, vanished under mysterious circumstances. I won’t get into the conspiracy theories behind its demise, but I have decided to keep encrypting my drive, and that leads me to the next chapter of this saga, where I get punished for using the basic version of Windows.

Part 2 – Solid State Drama’s Revenge

I prefer to run Windows on laptops because of all the bullshit proprietary hardware that goes into them. I am probably showing my age here, but there was a time when hardware support in Linux was spotty. I have swapped out Intel WiFi cards for Atheros cards in laptops to make sure I can do packet injection, but I now have a dedicated Kali laptop for that sort of thing. For my daily driver/EDC laptop, life is just easier with Windows. I know that fucking with Linux makes a lot of dudes feel superior, and they probably are. For me, I prefer to use Linux for specific tasks (i.e. Kali and Clonezilla) or for servers. With that being said, I am not such a Windows fanboy that I care about the differences between Windows versions. My personal laptop won’t be joining an Active Directory domain, so I just go with whatever version came with my laptop, which I replaced with whatever version MS let me download when I migrated to the SSD.

This path of least resistance philosophy led me to entertain thoughts of using BitLocker to encrypt my hard drive, only I am not running Windows 8.1 Professional or Enterprise, so I guess that BitLocker isn’t included with my version. There is no fucking way that I’m forking over $150 for a new version of Windows after working so hard to save $200 on the RAM and SSD. No TrueCrypt? Fine. No BitLocker? Whatever. I don’t give a fuck. I’ll just use a fork of TrueCrypt called VeraCrypt. Well, VeraCrypt’s boot loader doesn’t play nicely with UEFI and GPT partitions. It only works on MBR disks. feelsbadman.jpg

So after days of messing with various tools to get Windows working on my SSD, and then enduring the hassle of setting up Windows all over again, and waiting on my Steam library to download again, I am faced with yet another hard disk challenge: converting my GPT partitioned drive to MBR without deleting anything. Honestly, now that Steam is in the Debian repos, I am sorely tempted to make my next gaming rig run Linux.

I tried a bunch of things and ended up using the pirated AOMEI tool to do the conversion, and it worked, sort of. The drive booted, and VeraCrypt didn’t bitch about GPT anymore. However, when I went to back up the drive one last time before encrypting it, I discovered that AOMEI half-assed the conversion. According to Clonezilla, my drive had some remnant of the GPT boot stuff left on it that I had to fix with the Linux version of fdisk for GPT, a.k.a. gdisk. I have screwed up plenty of working partitions with fdisk, so I was nervous to say the least. Also, the magical -z option that I needed was buried in the “expert” menu section (AKA Here There Be Dragons!) which added to the danger. Clonezilla said to run gdisk -z but -z isn’t a valid option from the command line.

I read this tutorial to figure out what had to be done, and in the end I just closed my eyes, clenched up my butt cheeks, and hit enter. I got it working, and thankfully I had already made plenty of backups, just in case. Speaking of backups, I should find a way to make running Clonezilla easier…
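What Clonezilla was objecting to can be checked without writing to the disk. GPT keeps a header that starts with the ASCII string "EFI PART" in sector 1 and a backup copy in the last sector, so a conversion that only rewrites the MBR in sector 0 leaves them behind. The script below is an added example, not from the original post or any of the tools named; it assumes 512-byte sectors and runs against small constructed image files rather than a real drive.

```shell
#!/bin/sh
# Added example: read-only check for GPT leftovers on a disk image that is
# supposed to be MBR. Assumes 512-byte sectors; all sample data is constructed.

GPT_SIG=4546492050415254   # ASCII "EFI PART" as hex

hex_at() {  # hex_at FILE OFFSET COUNT -> lowercase hex of COUNT bytes at OFFSET
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

put_at() {  # put_at FILE OFFSET PRINTF_FORMAT -> write bytes in place (samples only)
    printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

has_gpt_sig() { [ "$(hex_at "$1" "$2" 8)" = "$GPT_SIG" ]; }

classify_disk() {  # prints: gpt | mbr-clean | mbr-stale-gpt | no-mbr
    img=$1
    size=$(wc -c < "$img" | tr -d ' ')   # real device: blockdev --getsize64
    if ! [ "$(hex_at "$img" 510 2)" = "55aa" ]; then echo no-mbr; return 0; fi
    protective=no
    for off in 450 466 482 498; do       # type byte of each of the 4 MBR slots
        if [ "$(hex_at "$img" "$off" 1)" = "ee" ]; then protective=yes; fi
    done
    if [ "$protective" = yes ]; then
        echo gpt                         # 0xEE entry: the disk is meant to be GPT
    elif has_gpt_sig "$img" 512 || has_gpt_sig "$img" $((size - 512)); then
        echo mbr-stale-gpt               # ordinary MBR, but a GPT header survives
    else
        echo mbr-clean
    fi
}

build_samples() {  # three constructed 1 MiB images, not real disks
    dir=$1
    for name in clean stale gpt; do
        dd if=/dev/zero of="$dir/$name.img" bs=512 count=2048 2>/dev/null
        put_at "$dir/$name.img" 510 '\125\252'          # MBR boot signature 55 AA
    done
    put_at "$dir/clean.img" 450 '\007'                  # slot 1 type 0x07 (NTFS)
    put_at "$dir/stale.img" 450 '\007'
    put_at "$dir/stale.img" $((2047 * 512)) 'EFI PART'  # backup header left behind
    put_at "$dir/gpt.img" 450 '\356'                    # protective 0xEE entry
    put_at "$dir/gpt.img" 512 'EFI PART'                # primary header, LBA 1
    put_at "$dir/gpt.img" $((2047 * 512)) 'EFI PART'    # backup header, last LBA
}

SAMPLES=$(mktemp -d)
build_samples "$SAMPLES"
for f in clean stale gpt; do
    echo "$f.img: $(classify_disk "$SAMPLES/$f.img")"
done
```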

Update 8/16 – A few months ago, I tried migrating to Win10, but it was a shitshow. I just pirated Win10 Pro (thanks to KMSPico portable, JFGI) and used BitLocker without a TPM. This was less stressful since I set up easy bare metal backups in Part 3.

I bought a new laptop a month ago, which for me is like moving to a new apartment. Getting it set up the way that I want it has been a total pain in the ass. Mostly because I have decided to save money by implementing key features myself, but also because the relentless march of progress in the PC market has left me behind. This was an uncharacteristic purchase for me, but I wanted a powerful laptop that I could write, code, play games, and run multiple VMs on. In short, I violated my first rule of personal computing, which is to use dedicated computers for specific tasks.

The goals were:

Be made mostly of aluminum – my laptops tend to have case or hinge problems before they have actual hardware problems, although when they do have hardware problems, it’s almost always the hard drive.

Be ready for anything – have 16gb of RAM, an SSD, USB3.0 and a high end GPU

Have a big screen and full size keyboard – this is replacing a full-sized laptop

Have ample storage – I also bought a caddy to go into the CDROM bay to house a second hard drive

Be encrypted – I normally don’t keep important things on laptops, or gaming rigs, but this is my main computer now

Be backed up regularly – I am not usually a stickler for backups because I use several computers. But with this machine, I want to be able to do a full disk image fairly easily

I have built enterprise servers in less time than I have spent tweaking this fucking laptop. I have more or less achieved all of my goals at the considerable expense of my time and possibly my sanity. There are three major sources of my discontent. The first is that copying a Windows install to a smaller drive is wildly difficult and Asus makes the process even more so. The second is that modern versions of Windows are not very friendly with the block crypto tools that I trust. The third is that because I decided to remove the optical drive, I wanted to dual-boot Windows with my favorite cloning tool, Clonezilla.

Part 1 – Solid State Drama
I went with the Asus N550jx because it is a mostly aluminum mid-range gaming laptop with a big screen, full size keyboard with keypad, and a touch screen. I can sort of take or leave touchscreens on laptops, but my wife is a fan. I like for her and me to have the same model of laptop. That way, when she runs into problems, I am already very familiar with the hardware and software she is using. The N550jx comes in two models: one with 8GB of RAM and a 1TB mechanical HDD, and one with 16GB of RAM and a 240GB SSD. Both models have the same processor, GPU, screen, and case, and I was able to price another 8GB of RAM and a 250GB SSD for almost half the price of the difference between the two models, for a savings of roughly $200. It was a mistake brilliant idea!

Getting the upgrades installed was a series of misadventures. The first obstacle was that for no good goddamn reason, Asus decided to use #5 Torx screws on the chassis. I have plenty of star bit screwdrivers from working on Compaq computers back in the Dark Ages, but no #5’s. So I did what any red-blooded All American Man would do. First, I went on the Internet and complained, and then I ordered yet another set of screwdriver bits from Amazon.

With the SSD and RAM in place, it was time to get the OS off the mechanical drive onto the SSD. In the past, moving an install of Windows was simply a matter of shrinking partitions with GParted and cloning them with Clonezilla. With the Asus N550jx and Windows 8.1, there is a bunch of bullshit associated with hidden restore partitions with weird flags and whatnot. It is this bullshit that thwarted my countless attempts to migrate the partitions correctly. I even used pirated copies of notable commercial disk cloning tools like Norton Ghost and AOMEI with little success. After a few days of trial and error, I ended up just doing a clean install of Win8 on the SSD. Fortunately, Microsoft lets you create your own install media from an activated Windows system, and Asus is kind enough to make drivers and utilities available on their website for download. So after much installing of software, I had a working OS on the SSD.

All of this trial and error is why I am a huge fan of bare metal backups. I have used all manner of tools and other nonsense to back up Windows and/or data, and the only thing that is truly reliable is dumping the entire drive to an image file on a separate drive. Copying data always leads to missed files, and snapshots and restore points become corrupted especially when malware is involved. Rolling an infected PC back to a restore point is the fastest way to get rid of malware, so most crackers wipe out your restore points as part of the exploit process. Because of this, I don’t really care about recovery partitions, or restore points, or any of that other bullshit. If my laptop eats itself, I just want to roll it back to where it was just before the last time I tried to do something stupid to it. I understand that your typical consumer isn’t familiar with imaging hard drives, and that is why those other tools exist, but for me it’s Clonezilla or GTFO.

I recently switched my Home Theater PC from Windows 7 to Lubuntu. For several years, I have had a box plugged into my TV to play videos downloaded via BitTorrent. 10 years ago, that box was an original XBox, modded to run XBox media center. After that, it was a small Atom powered PC running Windows XP and playing videos via VLC. In the shift from XBMC to Windows, the HTPC evolved from an AVI player into a machine that performs the following functions:

Playing video and music downloaded from BitTorrent

Playing video and music from streaming services like Netflix, Pandora, and Amazon Prime

Playing random videos from sites like Youtube

Rudimentary video conferencing via Skype and a webcam

Rudimentary VOIP via microsip and the mic from the webcam

When I switched from the XBox to a PC, I quit using a media center front end. The family is competent and comfortable using Windows, so using a wireless keyboard with a built in trackball was “good enough”. Most of the functions could be performed with either VLC or Google Chrome. The HTPC also worked consistently and predictably, which is important. We lived together in harmony. Then, everything changed when the Fire Nation attacked Microsoft ended support for Windows XP.

When I reloaded the HTPC with Windows 7 32 bit, the PC’s hardware was no longer up to snuff. Its hard drive paged constantly, and streaming media playback was very choppy. I even let the box upgrade to Windows 10 because it’s supposed to be faster. I was reluctant to switch from Windows because I had grown accustomed to DRM’ed streams from Netflix and Amazon via Silverlight. Fortunately, Google Chrome has its own dark sorcery built into it that lets Netflix… well, Netflix.

There are over 9000! lightweight Linux distributions, and I am sure there are plenty of great arguments for your favorite flavor, but I went with Lubuntu because LXDE is kind of like Windows XP in terms of look and feel. You can put icons on the desktop, which simplifies just about everything, so Lubu and Google Chrome give me most of what I want from my HTPC. I don’t know if Chromium has the dark sorcery rolled into it to enable Netflix, so I went with Google Chrome. Installing Lubuntu was straightforward. I was fortunate in that the PC was really basic, so there was no hardware drama. VLC was a breeze to set up thanks to Lubuntu Software Center, but it turns out that Gnome Movie Player is fairly capable on its own. One caveat: you might be tempted to use the alternate install, because it fits on a regular CD-ROM. DON’T. If you want your HTPC to log in automatically, the option to enable that is in the graphical installer, not in the alternate installer. I am sure there is some sort of Config File Fuckery(tm) that makes all Linux things possible, but I could not find it. So do yourself a favor and burn a DVD or make a thumb drive and use the graphical installer.

The wireless keyboard is fine for occasional use, but it’s not great for fast and accurate typing. So the first thing I did was install SSH on the TV box so I could use my laptop to type the rest of the commands necessary. In Lubuntu, you can press Ctrl+Alt+T to bring up a terminal window. In the terminal I typed the following:

sudo apt-get install openssh-server

With Chrome set up, the box plays streams from Netflix, Amazon, and YouTube smoothly. Now it was time to make file copying to the HTPC simple. I have a dedicated Windows box running UTorrent and Peer Block for downloading torrents. I should switch to Linux, rTorrent, and Moblock, but the Windows setup works, and keeps me out of trouble with my ISP, so I stick with what works.

Now, it’s time to edit the Samba config and export the home directory. I chose to do this so that on the HTPC I can put videos in the Videos folder and music in the Music folder, and so on:

sudo nano /etc/samba/smb.conf

Locate the Share Definitions section and un-comment the following lines:

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
[homes]
comment = Home Directories
browseable = yes

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
read only = no

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0775

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0775

When you are done editing, restart the Samba service:

sudo service smbd restart

What this does is allow me to map a drive in Windows to \\htpc\htpc-user and see the folders in the home directory for my HTPC user. It also disables a fair amount of the file system security for the sake of convenience. I do not recommend doing this with a file server that has multiple users, or that does anything other than share stupid files like videos and music that you need to add and delete on a regular basis. Some day I will get my torrent box moved to Linux, and use NFS to mount the video folders so BitTorrent can put them directly on the TV box, but for now, Samba makes it easy to do with Windows.
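The security that this trades away is visible in the [homes] section itself, so it can be audited. The script below is an added example, not part of the original post or of Samba: it reads the [homes] parameters and reports mask bits beyond the 0700 mentioned in the config comments, plus a writable share with no `valid users` restriction. Both config files are constructed samples, and `valid users = %S` in the tighter one is an assumption about how a stricter setup would look.

```shell
#!/bin/sh
# Added example: flag the loosened [homes] settings in an smb.conf.
# The two configs below are constructed samples, not files from the post.

homes_param() {  # homes_param FILE "name" -> value set in [homes], empty if unset
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                                   # skip comments
        /^[ \t]*\[/   { in_homes = (tolower($0) ~ /^[ \t]*\[[ \t]*homes[ \t]*\]/); next }
        in_homes && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

audit_homes() {  # prints one finding per line, or "ok" when nothing is loosened
    conf=$1; n=0
    ro=$(homes_param "$conf" "read only")
    vu=$(homes_param "$conf" "valid users")
    case "$ro" in
        [Nn]o|[Ff]alse|0)
            if [ -z "$vu" ]; then
                echo "read only = $ro with no valid users restriction"; n=$((n + 1))
            fi ;;
    esac
    for p in "create mask" "directory mask"; do
        mask=$(homes_param "$conf" "$p")
        # any group/other permission bit (octal 077) goes beyond owner-only 0700
        if [ -n "$mask" ] && [ $(( 0$mask & 077 )) -ne 0 ]; then
            extra=$(printf '%03o' $(( 0$mask & 077 )))
            echo "$p $mask grants group/other bits $extra"; n=$((n + 1))
        fi
    done
    if [ "$n" -eq 0 ]; then echo ok; fi
}

AUDIT_DIR=$(mktemp -d)
cat > "$AUDIT_DIR/loose.conf" <<'EOF'
[global]
   workgroup = WORKGROUP
[homes]
   comment = Home Directories
   browseable = yes
   read only = no
   create mask = 0775
   directory mask = 0775
EOF
cat > "$AUDIT_DIR/tight.conf" <<'EOF'
[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mask = 0700
   directory mask = 0700
   valid users = %S
EOF
for c in loose tight; do
    echo "== $c.conf"; audit_homes "$AUDIT_DIR/$c.conf"
done
```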

I connect to the torrent machine with TeamViewer to do all my downloading and uploading. This way I can connect from work, school, or wherever. I have LAN connections enabled so that connections and file transfers are faster between machines on my home network.

The last step is to install Unified Remote so that I can use my tablet or smartphone to control the HTPC. This comes in handy when the batteries in the wireless keyboard are dead, or when my 3 year old daughter has hidden it at the bottom of her toy box. It also can lead to fun battles for control over the TV. I use my phone to troll my 14 year old as she tries to navigate to her Korean boy band videos on YouTube.

Unified Remote works best when your “servers” (the boxes you want to control) have IPs that don’t change. There are two ways to achieve this: the first is to set a static IP for your HTPC, the other is to set up a DHCP reservation on your router, where your HTPC always gets the same IP when it requests one. Setting a static IP using the Lubuntu network manager is probably straightforward, but I went with the DHCP reservation route. I use reservations for my laptops so I can get a static IP when I’m at home, but I don’t have to mess with my IP settings when I leave home.

chris@chrizzle23.com

Husband, Father, Veteran, cypher punk, hacker spacer, gamer, lover of privacy, free speech, and filthy scumm pirates. My opinions are my own and do not reflect those of hive13, Cinci2600, or my current employer.